RE: JDBC Connection over VPN

2012-05-07 Thread Sanjeev Sharma
Found a solution for this.  Apparently Java 7 wraps IPv4 addresses as IPv6, 
which is not supported by Cisco AnyConnect.  Turning off IPv6 on the Cisco VPN 
adapter (Control Panel\Network and Internet\Network Connections) fixed the 
problem.

-Original Message-
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com] 
Sent: Monday, May 07, 2012 4:04 PM
To: Tomcat Users List
Subject: RE: JDBC Connection over VPN

Telnet seems to connect.

-Original Message-
From: Saurabh Makol [mailto:saurabh.ma...@gmail.com]
Sent: Monday, May 07, 2012 3:50 PM
To: Tomcat Users List
Subject: Re: JDBC Connection over VPN

Can you run

telnet  1521 from command prompt when you VPN into your 
network?

On Mon, May 7, 2012 at 3:46 PM, Sanjeev Sharma < 
sanjeev.sha...@buchanan-edwards.com> wrote:

> Using port 1521 in both cases, but it only fails for JDBC.
>
> -Original Message-
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Sent: Monday, May 07, 2012 3:43 PM
> To: 'Tomcat Users List'
> Subject: RE: JDBC Connection over VPN
>
> Could the VPN connection be utilizing the same port Tomcat or Oracle 
> usually does? Like something at 8080?
>
> Not sure if that's the case; or conversely, does going into VPN block 
> those ports?
>
>
> -Original Message-
> From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
> Sent: Monday, May 07, 2012 2:36 PM
> To: Tomcat Users List
> Subject: JDBC Connection over VPN
>
> Hi,
>
> Not sure if this is a Tomcat issue.  When I connect directly to a 
> network and start up my Tomcat 7, my JDBC connection to an Oracle 11g 
> network works just fine, but if I tunnel into the same network, JDBC 
> fails to connect to the database.  At the same time I'm able to make a 
> connection to the same database using SQL Developer/SQL Plus.  My 
> network people tell me that all ports are open to me and when they try 
> to capture packets coming from me, they see nothing if I'm starting up 
> my Tomcat.  I'm not a Network or VPN expert, but as far as I know, at 
> the application level it should behave just as if I'm connected 
> directly to the network and shouldn't have to worry about which 
> network adapter to use (built in or VPN), and shouldn't have to worry 
> about routing.  I'm at a complete loss, so I'm just hoping there is a 
> magical Tomcat setting which will fix my problem.  Any help would be 
> appreciated.
>
> Thanks.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>


RE: JDBC Connection over VPN

2012-05-07 Thread Sanjeev Sharma
Telnet seems to connect.

-Original Message-
From: Saurabh Makol [mailto:saurabh.ma...@gmail.com] 
Sent: Monday, May 07, 2012 3:50 PM
To: Tomcat Users List
Subject: Re: JDBC Connection over VPN

Can you run

telnet  1521 from command prompt when you VPN into your 
network?

On Mon, May 7, 2012 at 3:46 PM, Sanjeev Sharma < 
sanjeev.sha...@buchanan-edwards.com> wrote:

> Using port 1521 in both cases, but it only fails for JDBC.
>
> -Original Message-
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Sent: Monday, May 07, 2012 3:43 PM
> To: 'Tomcat Users List'
> Subject: RE: JDBC Connection over VPN
>
> Could the VPN connection be utilizing the same port Tomcat or Oracle 
> usually does? Like something at 8080?
>
> Not sure if that's the case; or conversely, does going into VPN block 
> those ports?
>
>
> -Original Message-
> From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
> Sent: Monday, May 07, 2012 2:36 PM
> To: Tomcat Users List
> Subject: JDBC Connection over VPN
>
> Hi,
>
> Not sure if this is a Tomcat issue.  When I connect directly to a 
> network and start up my Tomcat 7, my JDBC connection to an Oracle 11g 
> network works just fine, but if I tunnel into the same network, JDBC 
> fails to connect to the database.  At the same time I'm able to make a 
> connection to the same database using SQL Developer/SQL Plus.  My 
> network people tell me that all ports are open to me and when they try 
> to capture packets coming from me, they see nothing if I'm starting up 
> my Tomcat.  I'm not a Network or VPN expert, but as far as I know, at 
> the application level it should behave just as if I'm connected 
> directly to the network and shouldn't have to worry about which 
> network adapter to use (built in or VPN), and shouldn't have to worry 
> about routing.  I'm at a complete loss, so I'm just hoping there is a 
> magical Tomcat setting which will fix my problem.  Any help would be 
> appreciated.
>
> Thanks.
>
>
>
>


RE: JDBC Connection over VPN

2012-05-07 Thread Sanjeev Sharma
Using port 1521 in both cases, but it only fails for JDBC.

-Original Message-
From: Propes, Barry L [mailto:barry.l.pro...@citi.com] 
Sent: Monday, May 07, 2012 3:43 PM
To: 'Tomcat Users List'
Subject: RE: JDBC Connection over VPN

Could the VPN connection be utilizing the same port Tomcat or Oracle usually 
does? Like something at 8080?

Not sure if that's the case; or conversely, does going into VPN block those 
ports?


-Original Message-
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com]
Sent: Monday, May 07, 2012 2:36 PM
To: Tomcat Users List
Subject: JDBC Connection over VPN

Hi,

Not sure if this is a Tomcat issue.  When I connect directly to a network and 
start up my Tomcat 7, my JDBC connection to an Oracle 11g network works just 
fine, but if I tunnel into the same network, JDBC fails to connect to the 
database.  At the same time I'm able to make a connection to the same database 
using SQL Developer/SQL Plus.  My network people tell me that all ports are 
open to me and when they try to capture packets coming from me, they see 
nothing if I'm starting up my Tomcat.  I'm not a Network or VPN expert, but as 
far as I know, at the application level it should behave just as if I'm 
connected directly to the network and shouldn't have to worry about which 
network adapter to use (built in or VPN), and shouldn't have to worry about 
routing.  I'm at a complete loss, so I'm just hoping there is a magical Tomcat 
setting which will fix my problem.  Any help would be appreciated.

Thanks.





JDBC Connection over VPN

2012-05-07 Thread Sanjeev Sharma
Hi,

Not sure if this is a Tomcat issue.  When I connect directly to a network and 
start up my Tomcat 7, my JDBC connection to an Oracle 11g network works just 
fine, but if I tunnel into the same network, JDBC fails to connect to the 
database.  At the same time I'm able to make a connection to the same database 
using SQL Developer/SQL Plus.  My network people tell me that all ports are 
open to me and when they try to capture packets coming from me, they see 
nothing if I'm starting up my Tomcat.  I'm not a Network or VPN expert, but as 
far as I know, at the application level it should behave just as if I'm 
connected directly to the network and shouldn't have to worry about which 
network adapter to use (built in or VPN), and shouldn't have to worry about 
routing.  I'm at a complete loss, so I'm just hoping there is a magical Tomcat 
setting which will fix my problem.  Any help would be appreciated.

Thanks.


RE: Tomcat as Application Server

2012-02-17 Thread Sanjeev Sharma
The term "Application Server" predates JEE and EJB.  I would call Tomcat an App 
server since it "processes server-side business logic" (i.e. you don't need 
EJBs to process business logic and it's sometimes a bad idea anyway.)

Sanjeev

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Friday, February 17, 2012 1:19 PM
To: Tomcat Users List
Subject: Re: Tomcat as Application Server

On 17/02/2012 16:43, Caldarale, Charles R wrote:
>> From: Anjib Mulepati [mailto:anji...@hotmail.com]
>> Subject: Re: Tomcat as Application Server
> 
>> So can I say Tomcat is Web Server but does not support as full 
>> application Server?
> 
> That rather depends on to whom you want to say it.  Again, Tomcat is a 
> servlet container (as defined in the Java EE specs), which is more than 
> adequate to run many applications.  Whether or not it's an appropriate server 
> for the job you want to do depends on what exactly you want to do - which you 
> haven't told us.
> 
> (Why does this line of questioning sound suspiciously like a homework 
> project?)

(Or trolling.)

Tomcat is not a full JEE server, as stated above.

The definition of 'Application Server' is not 'Full JEE Server' unless you 
drink Oracle juice for breakfast.

I have and do run applications on Tomcat, which is a server.

All of which amounts to a semantic "so what?".


p


>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
> MATERIAL and is thus for use only by the intended recipient. If you received 
> this in error, please contact the sender and delete the e-mail and its 
> attachments from all computers.
> 
> 
> 


-- 

[key:62590808]



RE: controlling Server Authentication only vs Mutual authentication

2012-02-14 Thread Sanjeev Sharma
That's what I thought.  Thanks anyway.  This is good information!

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, February 14, 2012 11:50 AM
To: Tomcat Users List
Subject: Re: controlling Server Authentication only vs Mutual authentication


Sanjeev,

On 2/13/12 11:01 PM, Sanjeev Sharma wrote:
> Thanks for your reply.  If I set clientAuth="want" will it not ask 
> me for a certificate every time I create a new session?

It will not ask for a certificate, but if you provide one, then it will
be used.

> And if I'm forwarding (or redirecting) from a page that only
> requires straight SSL with server authentication to one which
> requires mutual authentication, will it force the browser to prompt
> for a client certificate?

This won't work with forwarding, because that's all done after the
Connector has performed the SSL negotiation: if you want to change the
SSL rules, you'll have to perform a redirect to a location that
requires SSL. Or, I suppose, you could sniff the certificate at some
point and perform a redirect if you needed the certificate.

Cert negotiation is done at the SSL level (before your code even knows
there is a request) and I don't believe the webapp itself can tell
Tomcat how to respond because it's too late.

If you redirect to a place that requires a client certificate, then
the certificate will be requested. I'm fairly sure that means you'll
have to use a different port number or IP address, since you can't
have two different settings for "clientAuth" on a single connector:
you'll need two (or more).

- -chris




RE: controlling Server Authentication only vs Mutual authentication

2012-02-13 Thread Sanjeev Sharma
Christopher/Pid,

Thanks for your reply.  If I set clientAuth="want" will it not ask me for a 
certificate every time I create a new session?  And if I'm forwarding (or 
redirecting) from a page that only requires straight SSL with server 
authentication to one which requires mutual authentication, will it force the 
browser to prompt for a client certificate?

Sanjeev.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Monday, February 13, 2012 4:23 PM
To: Tomcat Users List
Subject: Re: controlling Server Authentication only vs Mutual authentication


Pid,

On 2/13/12 3:39 PM, Pid wrote:
> On 13/02/2012 17:42, Christopher Schultz wrote:
>> Sanjeev,
>> 
>> On 2/9/12 11:17 AM, Sanjeev Sharma wrote:
>>> I work on a Java web-app running on Tomcat 7. The entire 
>>> application is required to be doing SSL on port 443 (everything is
>>> accessed via https://). Two different login options are given
>>> to the user: username/password or client certificate
>>> authentication. We employ application-managed security as
>>> opposed to container-managed (i.e. we don't use realms). I have
>>> the following connector in my server.xml:
>> 
>>> <Connector maxThreads="150" scheme="https" secure="true" 
>>> keystoreFile="d:\certs\server_cert.jks" keystorePass="changeit"
>>> truststoreFile="d:\certs\truststore.jks"
>>> truststorePass="changeit" clientAuth="true" sslProtocol="TLS"
>>> />
>> 
>> 
>>> This forces mutual authentication on anything I try to access 
>>> using https. How can I configure tomcat so that only specific
>>> links (a specific struts action for example) would require
>>> mutual authentication or how can I exclude from the mutual 
>>> authentication.
>> 
>> I think what you want is clientAuth="want" and then you can
>> maybe write a Filter that requires certain SSL certificate
>> features in order to pass-through. Then, just map your Filter to
>> those areas that require (additional?) SSL authentication.
> 
> Is this a variation on the SSLFormFallback thing again?

It's tough to tell. At any rate, here's the link for the OP:
http://wiki.apache.org/tomcat/SSLWithFORMFallback

- -chris




RE: controlling Server Authentication only vs Mutual authentication

2012-02-10 Thread Sanjeev Sharma
Found a solution to this.  In case anyone is interested, I gave my server 
two IP addresses and used two connectors with the two IP addresses in the 
"address=" field of the connectors.  I set one of them to clientAuth="true" 
and the other to clientAuth="false".  I do have to do a "redirect" from one to the 
other when I would've preferred to "forward", but otherwise this solution works.

-Original Message-
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com] 
Sent: Thursday, February 09, 2012 11:18 AM
To: Tomcat Users List
Subject: controlling Server Authentication only vs Mutual authentication

Hi,

I work on a Java web-app running on Tomcat 7.  The entire application is 
required to be doing SSL on port 443 (everything is accessed via https://).  Two 
different login options are given to the user: username/password or client 
certificate authentication.  We employ application-managed security as opposed 
to container-managed (i.e. we don't use realms).  I have the following connector 
in my server.xml:




This forces mutual authentication on anything I try to access using https.  How 
can I configure tomcat so that only specific links (a specific struts action 
for example) would require mutual authentication or how can I exclude from the 
mutual authentication.

Thanks,
Sanjeev.


controlling Server Authentication only vs Mutual authentication

2012-02-09 Thread Sanjeev Sharma
Hi,

I work on a Java web-app running on Tomcat 7.  The entire application is 
required to be doing SSL on port 443 (everything is accessed via https://).  Two 
different login options are given to the user: username/password or client 
certificate authentication.  We employ application-managed security as opposed 
to container-managed (i.e. we don't use realms).  I have the following connector 
in my server.xml:




This forces mutual authentication on anything I try to access using https.  How 
can I configure tomcat so that only specific links (a specific struts action 
for example) would require mutual authentication or how can I exclude from the 
mutual authentication.

Thanks,
Sanjeev.


RE: Client Authentication--getting certificate information on the server side

2012-02-06 Thread Sanjeev Sharma
Thanks so much.  I was just dumping session in psi-probe.  I didn't think to 
look in the request.  I get exactly what I need when I use 
request.getAttribute(org.apache.catalina.Globals.CERTIFICATES_ATTR).  Thanks 
again!

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Monday, February 06, 2012 12:20 PM
To: Tomcat Users List
Subject: Re: Client Authentication--getting certificate information on the 
server side

On 06/02/2012 17:01, Sanjeev Sharma wrote:
> Hello,
> 
> I'm trying to configure client authentication in Tomcat 7 on Windows 7.  I 
> have the following connector in the server.xml:
> 
> <Connector protocol="HTTP/1.1"
>            SSLEnabled="true"
>            maxThreads="150"
>            scheme="https"
>            secure="true"
>            keystoreFile="d:\certs\server_cert.jks"
>            keystorePass="changeit"
>            truststoreFile="d:\certs\truststore.jks"
>            truststorePass="changeit"
>            clientAuth="true"
>            sslProtocol="TLS" />
> 
> In my web.xml I have the following:
> 
> <login-config>
>     <auth-method>CLIENT-CERT</auth-method>
>     <realm-name>PKI Enabled App</realm-name>
> </login-config>
> 
> This forces client authentication when I try to access the app using a 
> browser and when I provide a trusted certificate, I'm able to get authenticated. 
>  After the authentication I was expecting to get the client certificate 
> information in the session, but I get nothing.  How do I pass the Common Name 
> from the subject line of the client certificate to the server during 
> authentication so that I can access it from a struts action?
> 
> Thanks in advance.

There are a number of variables (javax.servlet.request.ssl*) available in the 
*request* rather than the session.  Which ones are you trying to access?

There's a list of various relevant things here:

http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/Globals.java


p





-- 

[key:62590808]
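
The two suggestions made in these threads (a connector with clientAuth="want" plus a Filter mapped to the URLs that need a certificate, and reading the certificate from the request rather than the session) combine into one filter. This is an added example, not code from the list or from Tomcat; the class name and the `example.clientCertCN` attribute are hypothetical, and it assumes the Servlet 3.0 API that Tomcat 7 provides.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Rejects requests that arrive without a client certificate (hypothetical class name). */
public class ClientCertRequiredFilter implements Filter {

    // Servlet-spec request attribute that carries the client's certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical attribute under which the CN is passed on to the action.
    static final String CN_ATTR = "example.clientCertCN";

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        // With clientAuth="want" the handshake succeeds without a certificate,
        // so its absence has to be handled here instead of by the connector.
        if (!req.isSecure() || certs == null || certs.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        String cn = commonName(certs[0]); // first entry is the client's own certificate
        if (cn == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate subject has no CN");
            return;
        }
        req.setAttribute(CN_ATTR, cn);
        chain.doFilter(req, res);
    }

    /** Returns the CN of the certificate subject, or null if there is none. */
    static String commonName(X509Certificate cert) {
        try {
            // getName() yields an RFC 2253 string, which LdapName parses safely
            // (no splitting on commas, which can appear escaped inside values).
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: treat as "no CN" and let the caller reject.
        }
        return null;
    }
}
```

Map the filter in web.xml only to the URL patterns that need mutual authentication; everything else stays reachable with server authentication alone.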



Client Authentication--getting certificate information on the server side

2012-02-06 Thread Sanjeev Sharma
Hello,

I'm trying to configure client authentication in Tomcat 7 on Windows 7.  I have 
the following connector in the server.xml:



In my web.xml I have the following :


<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>PKI Enabled App</realm-name>
</login-config>


This forces client authentication when I try to access the app using a browser 
and when I provide a trusted certificate, I'm able to get authenticated.  After 
the authentication I was expecting to get the client certificate information in 
the session, but I get nothing.  How do I pass the Common Name from the subject 
line of the client certificate to the server during authentication so that I 
can access it from a struts action?

Thanks in advance.



archived mailing list activity

2012-02-06 Thread Sanjeev Sharma
Does anyone know if the messages on this mailing list are archived anywhere?  I 
sent a question to the mailing list last night, but was not able to sign up for 
the mailing list from my Yahoo email account.  I am signed up using my work 
email address, but don't know if anyone answered my question.  I would rather 
not annoy people by re-posting my question.

Thanks.